Back to Home

Postgresus 2.0: PostgreSQL backup updates

Postgresus 2.0 adds AES-256 encryption, project management with RBAC, optimized zstd compression and Helm for Kubernetes. The tool enhances the security of PostgreSQL backups for teams. Support for new storages and notifications simplifies DevOps processes.

New features of Postgresus 2.0 for PostgreSQL backups
Advertisement 728x90

# Postgresus 2.0: Key Updates for Automated PostgreSQL Backups

Postgresus 2.0 boosts the capabilities of this open source PostgreSQL backup tool. In just six months, the project has racked up 246 commits, 2.7k stars on GitHub, and 40k downloads from Docker Hub. New features include database health checks, expanded storage and notification options, project management with roles, multi-level encryption, optimized compression, and a Helm chart for Kubernetes. Ditching incremental backups has streamlined the architecture.

The tool deploys via Docker, docker-compose, or Helm, and supports both self-hosted and managed PostgreSQL. The main focus is automating scheduled backups with notifications and storage in various backends.

Database Availability Checks

The new feature monitors connection status to databases. Postgresus periodically checks availability, displays metrics in the UI, and sends notifications during downtimes. You can disable checks or configure the interval.

Google AdInline article slot

When a database is unavailable, it generates an alert via your chosen channel: Telegram, Slack, Discord, MS Teams, SMTP, or webhook. This lets you respond to outages quickly without extra monitoring tools.

Expanded Storage and Notifications

Storage support has grown: added CloudFlare R2, Google Drive, Azure Blob Storage, and NAS alongside local disk and S3. FTP, SFTP, and NFS are planned.

Notifications now integrate with Slack, Discord, MS Teams, and custom webhooks. Webhooks offer flexible setup for any platform.

Google AdInline article slot
  • Storage: S3, R2, Google Drive, Azure Blob, NAS, local.
  • Notifications: Slack, Discord, Telegram, MS Teams, SMTP, webhook.

Project Management and RBAC

Project hierarchy has been introduced for segmenting databases. Admins create projects and assign users roles:

  • Read-only: view backup history, download files.
  • Edit: add/remove/change databases + read-only permissions.

Audit logs record all actions: deleting databases, downloading backups, changing settings. This is essential for DBA, DevOps teams, and outsourced developers handling data from multiple clients.

Projects enable isolation of:

Google AdInline article slot
  • Client A's databases.
  • Company B's internal databases.
  • Team C's test environments.

Multi-Level Encryption and Security

Security has been overhauled for enterprise use cases. Protection across three levels:

Secrets Encryption

Database passwords, storage tokens, and notification credentials are encrypted with AES-256-GCM. The key is stored in a separate file outside the Postgresus database. Decryption happens on-demand during use.

Backup Encryption

pg_dump files are encrypted on the fly with salt and IV (AES-256-GCM). Enabled by default but can be disabled. Protects against leaks even in public S3 buckets.

Read-Only Users

When adding a database with write permissions, Postgresus suggests creating a read-only role. This automates best practices and minimizes data corruption risks in case of compromise.

Compression Optimization and Performance

zstd level 5 by default for PostgreSQL 16+ (gzip for PG 12+). Benchmarks across 21 scenarios show the optimal speed/size balance: ~8x compression, 2x space savings at the same speed vs. gzip 5.

Dropping incremental backups and PITR simplified the logic, focusing on full dumps.

Kubernetes Deployment and UI Improvements

Added a Helm chart for native k8s installs. Three contributors collaborated on it.

The UI now features a dark theme (as requested by the community). UX enhancements target mid/senior users: dashboards with metrics, one-click settings.

What's Not Implemented

  • Full database resource monitoring (CPU, I/O).
  • Built-in SQL console.

These features are deferred, with focus on core functionality: backups + security.

Key Highlights

  • Multi-level encryption: AES-256-GCM for secrets and backups + read-only roles.
  • Team collaboration: projects, RBAC, audit logs.
  • Optimization: zstd by default, 8x compression.
  • Integrations: new storages (R2, Azure, Drive), notifications (Slack, Teams).
  • Monitoring: database health checks with alerts.

— Editorial Team

Advertisement 728x90

Read Next